Archive for the ‘Server Security’ Category
Friday, August 21st, 2009
A hacker (or, if you prefer, cracker) begins a DDoS attack by exploiting a vulnerability in one computer system and making it the DDoS “master.” It is from the master system that the intruder identifies and communicates with other systems that can be compromised.
The intruder loads cracking tools available on the Internet on multiple — sometimes thousands of — compromised systems. With a single command, the intruder instructs the controlled machines to launch one of many flood attacks against a specified target. The inundation of packets to the target causes a denial of service.
While the press tends to focus on the target of DDoS attacks as the victim, in reality there are many victims in a DDoS attack — the final target and as well the systems controlled by the intruder.
Filed under Server Security | No Comments »
Sunday, May 24th, 2009
The earlier version was PHPsuExec but that is quickly being replaced by suPHP and the two do basically the same thing.
suPHP provides an additional layer of protection on servers. It causes php scripts to run under the account username instead of the user ‘nobody’ which is the user that apache/php would run under on a server that is not running suPHP. This feature allows us to more easily track any potential security breaches that come in via insecure php script(s) that a user is running.
suPHP also does away with the requirement of using 777 permissions on directories/files that need write permission. In fact if a directory and/or file has the permission set to (CHMOD) 777 and it is access via a browser, then an internal server error 500 will be generated. The highest level of permissions that a user can use on a suPHP enabled server is 755. This permission setting is sufficient enough for any directories/files that needs to be written to.
The benefit of using suPHP besides better security, is that it will make any PHP applications (most often CMS systems) such as Mambo more user friendly. Case in point: If you upload/install anything via Mambo such as a template on a non-suphp server, then those template files will be owned by ‘nobody’ and you will not be able to edit them manually or even delete them from your account. This ownership issue is done away with suPHP. On a suPHP enabled server, those same template files will be owned by the account username and the account holder will be able to manipulate those files as he sees fit.
No longer do you need to use (chmod) the dangerous file permission of 666 or the folder permission of 777 to make things writable.
The correct permissions should be:
- Writable Folders: 755
- Writable Files: 644
- Files that need to be un-writable: 444
Tags: suPHP
Filed under Linux Web Hosting, PHP Hosting, Server Security, Website Development | No Comments »
Friday, May 22nd, 2009
By default, SourceGuardian is not installed on any of our web hosting packages. However, that does not mean that you are not able to host any scripts that are encoded with SourceGuardian!
SourceGuardian does tell you to upload there encoders to the scripts folder and it will load the files as long the php function dl() is enabled as part of the installation. And unfortunately we have to dissapoint you once again, dl() is disabled for security reasons on all web hosting packages.
Below we will explain you how to get the scripts to run properly, this is possible since we run suPHP.
First you need to create a new .htaccess file in your public_html folder if you haven’t done already. Otherwise you need to edit your current .htaccess file.
In your .htaccess file under your public_html folder, add the following:
suPHP_ConfigPath /home/user/public_html
<Files php.ini>
order allow,deny
deny from all
</Files>
Note: Make sure to change the user text above to your account user name.
Then create a php.ini file under your public_html folder and add the following (or edit the current file if you have a php.ini file):
extension_dir=/home/user/public_html/extensions
[Zend]
zend_extension=/usr/local/ioncube/ioncube_loader_lin_5.2.so
zend_optimizer.optimization_level=15
zend_extension_manager.optimizer=/usr/local/Zend/lib/Optimizer-3.3.3
zend_extension_manager.optimizer_ts=/usr/local/Zend/lib/Optimizer_TS-3.3.3
zend_extension=/usr/local/Zend/lib/ZendExtensionManager.so
zend_extension_ts=/usr/local/Zend/lib/ZendExtensionManager_TS.so
extension=/home/user/public_html/extensions/ixed.5.2.lin
Note: Make sure to change the user text above to your account user name.
Zend Optimizer and IonCube loaders are added as well so you won’t drop the support for them with your new php.ini file.
Now create a new folder called "extensions" in your public_html folder and download the required loader at http://www.sourceguardian.com/ixeds/ixed4.lin.x86-64.zip
Then extract the zip file and upload the file "ixed.5.2.lin" to your created folder "extensions"
You may choose another folder to upload the SourceGuardian loader to but remember to have the folder name reflect the one you typed within your php.ini file.
Full details about SourceGuardian can be found at there website, located here:
http://www.sourceguardian.com
Congratulations, you have just installed SourceGuardian in your web hosting account and your script should now run properly!
Tags: htaccess, suPHP
Filed under Linux Web Hosting, PHP Hosting, Server Security, Web Hosting Services | No Comments »
Monday, May 18th, 2009
If you are receiving the error 500 it will be due to one of the following issues:
Check your .htaccess file for php_ commands. If you have any, add a # in front of the line or delete them. Then test your webpage. If you still have the error try removing everything from your .htaccess file. If that resolves the issue add the .htaccess lines back one at time until you find the bad line.
If these steps do not resolve your issue try the next steps.
- File and folder permissions
Check your files and folders to make sure you don’t have any files with the permission 666 or folders with the permission 777.
Those permissions are not needed onĀ our servers. We run suPHP which allows you to make files writable without creating the major security hole that occurs when using the permissions 666 and 777.
The correct permissions should be:
Folders: 755
Files: 644
Files that need to be unwritable: 444
If you added a MiME-Type to the system in order to run html files as php scripts, you will have to remove it and add an ApacheHandler instead.
Log into cPanel, then click on Apache Handlers and add the following:
Handler: application/x-httpd-php
Extension(s): .html
Tags: htaccess, suPHP
Filed under PHP Hosting, Server Security, Website Development | No Comments »
Saturday, May 16th, 2009
If you get this error when sending email:
The server responded: 503 valid RCPT command must precede DATA
This error occurs because on our mail server you must check your email before trying to send mail. Once you send authentication to check mail the server will allow you to send mail for 30 minutes from that IP without authentication.
There are two solutions to this problem:
- Always check your email for new mail before trying to send email. Most if not all email applications already do this by default. Checking mail adds your IP address to a relayhosts file and allows any email to be sent from that IP address for up to 30 minutes.
- Configure your email client to authenticate automatically by checking the "my server requires authentication" box in your email configuration. You will be able to send mail without having to "pop" your mail box first.
Filed under Server Security, eMail Questions | No Comments »
